﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data.SqlClient;
using System.Data;

namespace Adams.Public.DataAccess
{
    public static class Security
    {
        public static Adams.Public.DataTransfer.Security.MemberInfo GetMemberInfo(string email)
        {
            var data = new Adams.Public.DataTransfer.Security.MemberInfo();

            using (SqlDataReader dr = DB.RunDataReader(@"
SELECT *
FROM Membership.Members
WHERE Email = @Email
", CommandType.Text,
                DB.CreateParameter("@Email", email, SqlDbType.VarChar, 50)))
            {
                if (dr.HasRows)
                {
                    dr.Read();
                    data.MemberID = dr["MemberID"].DbInt();
                    data.PasswordHash = dr["PasswordHash"].DbString();
                    data.PasswordSalt = dr["PasswordSalt"].DbString();
                    data.IsActive = dr["IsActive"].DbBool();
                    data.IsEmailConfirmed = dr["IsEmailConfirmed"].DbBool();
                    data.LastLoginAttempt = dr["LastLoginAttempt"].DbDate();
                    data.FailedLoginAttempts = dr["FailedLoginAttempts"].DbInt();
                    data.Exists = true;
                }
                else
                {
                    data.Exists = false;
                }
            }

            return data;
        }

        public static void ClearLockout(int MemberId)
        {
            DB.Run(@"
UPDATE Membership.Members SET 
FailedLoginAttempts = 0, LastLoginAttempt = GETUTCDATE()
WHERE MemberID = @MemberID
", CommandType.Text,
                DB.CreateParameter("@MemberID", MemberId, SqlDbType.Int));
        }

        public static void UpdateLockout(int MemberId)
        {
            DB.Run(@"
UPDATE Membership.Members SET 
FailedLoginAttempts = (FailedLoginAttempts + 1), LastLoginAttempt = GETUTCDATE()
WHERE MemberID = @MemberID
", CommandType.Text,
                    DB.CreateParameter("@MemberID", MemberId, SqlDbType.Int));
        }

        public static void SaveMember(DataTransfer.Security.SignupSaveData input)
        {
            DB.RunScalar(@"
INSERT INTO Membership.Members (FirstName, LastName, Email, Street, Street2, City, State, ZipCode, Phone, PasswordHash, PasswordSalt, IsActive, IsLocked)
VALUES (@FirstName, @LastName, @Email, @Street, @Street2, @City, @State, @ZipCode, @Phone, @PasswordHash, @PasswordSalt, 0, 0)
", CommandType.Text,
                DB.CreateParameter("@FirstName", input.FirstName.ToNString()),
                DB.CreateParameter("@LastName", input.LastName.ToNString()),
                DB.CreateParameter("@Email", input.Email.ToNString()),
                DB.CreateParameter("@Street", input.Street.ToNString()),
                DB.CreateParameter("@Street2", input.Street2.ToNString()),
                DB.CreateParameter("@City", input.City.ToNString()),
                DB.CreateParameter("@State", input.State.ToNString()),
                DB.CreateParameter("@ZipCode", input.ZipCode.ToNString()),
                DB.CreateParameter("@Phone", input.Phone.ToNString()),
                DB.CreateParameter("@PasswordHash", input.PasswordHash.ToNString()),
                DB.CreateParameter("@PasswordSalt", input.PasswordSalt.ToNString()));
        }

        public static void ConfirmEmail(string email)
        {
            DB.Run(@"
UPDATE Membership.Members SET 
IsActive = 1, IsEmailConfirmed = 1
WHERE Email = @Email
", CommandType.Text,
    DB.CreateParameter("@Email", email));
        }

        public static void ResetPassword(string email, string passwordHash)
        {
            DB.Run(@"
UPDATE Membership.Members SET 
PasswordHash = @PasswordHash
WHERE Email = @Email
", CommandType.Text,
    DB.CreateParameter("@Email", email),
    DB.CreateParameter("@PasswordHash", passwordHash));
        }
    }
}
